IE 9.0.11 Available via Windows Update

This security update resolves three privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 9 on Windows servers. For more information, see the full bulletin.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

I currently have the IE10 Release Preview on Windows 7 which was recently released. Am I correct in assuming this vulnerability is not present in this version of IE? The security bulletin only lists IE10 for Windows 8/RT/Server 2012 in the non-affected list; the pre-release version of IE10 for Windows 7 does not appear to be listed anywhere on the page.

In the Compatibility View settings menu, the option "Display intranet sites in Compatibility View" defaults to checked. Will there be a future version of Internet Explorer, perhaps IE11, which keeps the option but has a default setting of unchecked?

I hope so, it will help intranet applications shift to web standards, and allow them to do so at their own pace.

@WbDvlpr, IE complies with W3C and ECMA (JavaScript) standards. In fact, Microsoft is one of the first organizations complying with these standards back in 1997 (when W3C was established at the time of IE4). And you consider yourself as a "web developer"? For starters, try out the official ECMA test http://test262.ecmascript.org/ on every browser you know of and compare the conformance results. As of today, the scores out of 11571 are:

Intranet sites use compatibility mode as long as they do not add the X-UA-Compatible header with ie=edge as its content. It is a single line (either as a meta tag or as an HTTP header) that says, "hey, I know about this compatibility thing, let me use the latest anyway".

So I do not think that the fact that it is not the default is a real obstacle here.

Will memory usage be improved in IE10 for Win7? Right now it shoots up to 1gb+ in an hour or so of browsing. It seems to never empty any displayed content from memory, or it's just leaking ram outright (I haven't tested for that). IE9 used much less memory.

Also, there is a bug when if IE runs out of video card ram, it'll start drawing blank graphics and images will just display the "not loaded" empty frame. This happens in IE9 too.

Good question, IE9 memory usage wasn't great for me after it had been open a while, but IE10 is looking even worse so far on Windows 7, not sure how it is on Windows 8. It used to be Firefox that had the bad reputation for memory usage but for me current versions of Firefox seem to use much less memory than IE10. Hope there will be some improvement before final version, but since IE10 doesn't have as far as I know any equivalent to about:memory it is much more difficult for anyone outside the dev team to try and help track down the issues.

This new patch introduces a potential security exploit and with just CSS, JS, and HTML I can crash the browser every single time I execute a particular set of events. This is code that works fine in IE7,8 and IE9-pre-patch. Who do I talk to about this?

@PhistucK: Yes, I'm glad validation, datalist, several new form CSS selectors, autofocus, pattern, and placeholder will be in IE10 for future generations. There isn't any sign of date inputs (!), scoped styles, or oninvalid eventing, though.

Probably due to a long standing known issue with comments here that MS doesn't seem interested in fixing. If you are not signed in and have had the blog page open for too long, any comment you enter will be lost.

After upgrading IE to 9.0.11, a couple of my pages get an alert at the bottom "A problem displaying localhost caused internet explorer to refresh the webpage using compatibility view", and it refreshes my page using compatibility view. This is not acceptable for the end user, not only it refreshes the page, but when working with tabs or jquery dialogs, it loses track of where the user was. IE 9.0.10 works fine. I have nothing special in my page besides some simple jquery, jquery ui controls, and in one of those 2 pages I have a RadAjaxPanel and a RadScriptBlock. The rest of the pages are working fine. Any ideas of what could be causing this or what should I look for in my code?

After a pc crash, restored pc to original factory condition. IE 7 is installed on Windows Vista Home Premium. I have tried several times to download IE 9 without success. Error: IE not supported …get updates. After getting windows updates, still unable to download IE 9. Now I am not receiving all emails sent to me. Should I download IE 10 instead? Please advise.